
Trojan:Win32/Pubavid.B


First posted on 24 September 2010.
Source: SecurityHome

Aliases :

Trojan:Win32/Pubavid.B is also known as W32/Downldr2.IWXW (Authentium (Command)), Backdoor.Win32.Gootkit.bs (Kaspersky), W32/Gootkit.D (Norman), Backdoor.Gootkit.AR (VirusBuster), BackDoor.Generic12.BXHB (AVG), BDS/Gootkit.BS (Avira), Backdoor.Generic.407020 (BitDefender), BackDoor.Siggen.25874 (Dr.Web), Win32/Gootkit.L (ESET), Backdoor.Win32.Gootkit (Ikarus), Generic BackDoor!csw (McAfee), Trojan.Win32.Generic.522372A8 (Rising AV), Troj/Pubavid-A (Sophos), Trojan.Win32.Generic!BT (Sunbelt Software).

Explanation :

Trojan:Win32/Pubavid.B is a detection for a trojan that decrypts and injects other malware into a newly created process.

Installation

The trojan may be installed as part of the installation of variants of Worm:Win32/Slenping, and may be present in the Windows Temporary Files folder as a file with a random name.

Payload

Injects code

When executed, Trojan:Win32/Pubavid.B checks for the presence of an encrypted file. The file may have a random file name. The file is then decrypted and the resulting malware executable is injected into a new process.

Additional information

Trojan:Win32/Pubavid.B has been seen to be used with variants of Worm:Win32/Slenping.

Analysis by Ray Roberts

Last update 24 September 2010

 
